Methods and systems for imaging device credential management

ABSTRACT

Embodiments of the present invention comprise systems, methods and devices for eliminating multiple submission of user credential data in a system with multiple distinct restricted sub-systems wherein a unique credential is required for each sub-system.

RELATED REFERENCES

This application is a continuation-in-part of U.S. patent applicationSer. No. 10/962,248, entitled “Methods and Systems for Imaging DeviceRemote Application Interaction, filed on Oct. 8, 2004; this applicationis also a continuation-in-part of U.S. patent application Ser. No.10/961,793, entitled “Methods and Systems for Imaging Device Remote FormManagement, filed on Oct. 8, 2004; this application is also acontinuation-in-part of U.S. patent application Ser. No. 10/961,911,entitled “Methods and Systems for Imaging Device Remote LocationFunctions, filed on Oct. 8, 2004; this application is also acontinuation-in-part of U.S. patent application Ser. No. 10/961,594,entitled “Methods and Systems for Imaging Device Remote documentManagement, filed on Oct. 8, 2004; and this application is also acontinuation-in-part of U.S. patent application Ser. No. 10/962,103,entitled “Methods and Systems for Imaging Device Document Translation,filed on Oct. 8, 2004; this application also claims the benefit of U.S.Provisional Patent Application No. 60/704,066, entitled “Methods andSystems for Imaging Device Applications,” filed Jul. 28, 2005.

FIELD OF THE INVENTION

Embodiments of the present invention comprise methods and systems foreliminating multiple submission of user credential data in a system withmultiple distinct restricted sub-systems wherein a unique credential isrequired for each sub-system.

BACKGROUND

Imaging devices such as printers, copiers, scanners and fax machines canhave a wide array of functions and capabilities to fit specific uses orcombinations of uses. Imaging devices often take the form of amulti-function peripheral device (MFP) that combines the functions oftwo or more of the traditionally separated imaging devices. An MFP maycombine any number of imaging devices, but typically comprises thefunctions of a printer, scanner, copier and fax machine.

Some imaging devices may contain computing resources for data storageand processing such as processors, hard disk drives, memory and otherdevices. As imaging devices add more features and functions, they becomemore costly and complex.

More complex imaging devices and MFPs may comprise network connectivityto provide communication with other computing devices, such as personalcomputers, other imaging devices, network servers and other apparatus.This connectivity allows the imaging device to utilize off-boardresources that are available on a connected network.

Imaging devices typically have a user input panel with an array ofbuttons, knobs and other user input devices. Some devices also have adisplay panel, which can be for display only or can be a touch paneldisplay that enables user input directly on the display.

Devices with touch panel displays or displays with buttons arranged incooperation with the display can display menu data that may be selectedby user input. This menu data is typically driven by an on-board servermodule within the imaging device.

BRIEF SUMMARY OF THE INVENTION

Some embodiments of the present invention comprise methods and systemsfor management of credential data that is used to gain access torestricted systems and services.

Some embodiments of the present invention comprise methods and systemsfor eliminating multiple submission of user credential data in a systemwith multiple distinct restricted sub-systems wherein a uniquecredential is required for each sub-system.

The foregoing and other objectives, features, and advantages of theinvention will be more readily understood upon consideration of thefollowing detailed description of the invention taken in conjunctionwith the accompanying drawings.

BRIEF DESCRIPTION OF THE SEVERAL DRAWINGS

FIG. 1 is a diagram of an embodiment of the present invention comprisingan imaging device in connection with a remote computing device;

FIG. 2 is an image of an exemplary user interface for an imaging device;

FIG. 3 shows an exemplary imaging device;

FIG. 4 is a chart depicting steps of an imaging device method;

FIG. 5 is a chart depicting steps of an imaging device method using amarkup language;

FIG. 6 shows an exemplary remote computing device embodiment;

FIG. 7 is a diagram showing components of an exemplary remote computingdevice;

FIG. 8 is a chart showing steps of a remote computing device method;

FIG. 9 is a chart showing steps of a remote computing device methodusing a markup language;

FIG. 10 is a diagram showing a system comprising multiple imagingdevices in connection with a remote computing device;

FIG. 11 is a chart showing steps of a method comprising RCD processingof user input data;

FIG. 12 is a diagram showing components of some embodiments comprisinglinked resources;

FIG. 13A is a diagram of some system embodiments of the presentinvention comprising an imaging device, a single sign-on serverapplication (SOSSA) and a service;

FIG. 13B is a diagram of some system embodiments of the presentinvention comprising an imaging device, an access-control application, asingle sign-on server application (SOSSA) and a service;

FIG. 14 is a diagram of an exemplary user credential data table;

FIG. 15 is a chart depicting steps of a method of some embodimentscomprising a single sign-on server application in direct communicationwith an IDev;

FIG. 16 is a chart showing the steps of a method of some embodimentscomprising IDev, SSOSA and service interaction;

FIG. 17 is a chart showing the steps of a method of some embodimentscomprising SSO token request and issuance through an AccApp;

FIG. 18 is a chart showing the steps of a method of some embodimentscomprising an IDev in direct communication with an SSOSA;

FIG. 19 is a chart showing the steps of a method of some embodimentscomprising an IDev communication with an SSOSA through an AccApp;

FIG. 20 is a chart showing the steps of a method of some embodimentscomprising sending an SSO token to a service and receiving access;

FIG. 21 is a chart showing the steps of a method of some embodimentscomprising an SSOSA receiving an SSO token request directly from anIDev;

FIG. 22 is a chart showing the steps of a method of some embodimentscomprising an SSOSA receiving an SSO token request from an AccApp;

FIG. 23 is a chart showing the steps of a method of some embodimentscomprising sending user service credential data from an SSOSA to aservice;

FIG. 24 is a chart showing the steps of a method of some embodimentscomprising authenticating sign on credentials and requesting an SSOtoken from an AccApp; and

FIG. 25 is a chart showing the steps of a method of some embodimentscomprising a service exchanging an SSO token for user servicecredentials.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Embodiments of the present invention will be best understood byreference to the drawings, wherein like parts are designated by likenumerals throughout. The figures listed above are expressly incorporatedas part of this detailed description.

It will be readily understood that the components of the presentinvention, as generally described and illustrated in the figures herein,could be arranged and designed in a wide variety of differentconfigurations. Thus, the following more detailed description of theembodiments of the methods and systems of the present invention is notintended to limit the scope of the invention but it is merelyrepresentative of the presently preferred embodiments of the invention.

Elements of embodiments of the present invention may be embodied inhardware, firmware and/or software. While exemplary embodiments revealedherein may only describe one of these forms, it is to be understood thatone skilled in the art would be able to effectuate these elements in anyof these forms while resting within the scope of the present invention.

Embodiments of the present invention comprise interfaces andarchitecture that integrate imaging devices with remote computing deviceapplications and environments to provide solutions that may not bepossible solely with an imaging device alone. Some embodiments comprisean infrastructure and set of interfaces that allow applications on anetwork to programmatically control imaging device functions andinteract with a user through an imaging device input panel. Softwarefunctions that are not practical within the imaging device can beperformed on the server but are accessible from the imaging device.

For the purposes of this specification and claims, an imaging device(IDev) may be described as a device that performs an imaging function.Imaging functions comprise scanning, printing, copying, imagetransmission (sending and receiving), image conversion and otherfunctions. Exemplary imaging devices comprise printers, copiers,facsimile machines, scanners, computing devices that transmit, convertor process images and other devices. An IDev may also perform multipleimaging functions. For example, and not by way of limitation, amulti-function peripheral device (MFP), which typically has thecapability to perform a plurality of functions comprising a printer,scanner, copier and/or a facsimile machine or imagetransmitter/receiver, is a type of imaging device. Other MFP imagingdevices may comprise other combinations of functions and still qualifyas an IDev.

For the purposes of this specification and claims, a remote computingdevice (RCD) is a device capable of processing data and communicatingwith other devices through a communications link. An RCD is a remotedevice because it requires a communications link, such as a networkconnection, a telephone line, a serial cable or some other wired orwireless link to communicate with other devices such as an imagingdevice. Some exemplary RCDs are network servers, networked computers andother processing and storage devices that have communications links.

Some embodiments of the present invention may be described withreference to FIGS. 1 & 2. These embodiments comprise an imaging device(IDev) 4 that may be a multi-function peripheral device (MFP) or asingle function device. The imaging device 4 further comprises a userinterface (UI) panel 2, which may comprise input buttons 14 and adisplay device 12 or may comprise a touch panel system with or withoutbuttons 14. User input and display may also be performed through aseparate UI device 8, which may be connected to the imaging device 4 bya communication link 12, such as a USB connection, a network cable, awireless connection or some other communications link. UI device 8 maycomprise an input device, such as a keyboard or buttons as well as adisplay device, which may also be a touch screen panel. UI device 8 mayalso comprise an interface for transfer of instructions that are inputto the device 8 from a remote input device. This form of UI device 8 maycomprise memory sticks, USB memory cards and other storage devices thatmay be configured to store input for transfer to an imaging device.

These embodiments further comprise a remote computing device (RCD) 6that is linked to the imaging device 4 via a communications link 10,such as a network connection. This network connection may be a typicalwired connection or a wireless link.

Embodiments of the present invention may provide menu data from the RCD6 to the imaging device UI panel 2 or remote panel 8 via the networkconnection 10. Once this menu data is fed to the imaging device 4, an UIpanel 2, 8 on the imaging device 4 may be used to interact withapplications that run on the remote computing device 6. User inputreceived from UI panels 2, 8 may be returned directly to the remotecomputing device 6.

A Web Service is a software application identified by a Uniform ResourceIdentifier (URI), whose interfaces and binding are capable of beingdefined, described and discovered by Extensible Markup Language (XML)artifacts and supports direct interactions with other softwareapplications using XML based messages via Internet-based protocols.

An application on the remote computing device 6 may use one or more WebServices to control various features in the imaging device 4, such asenabling, disabling or setting device values or controlling devicefunctions.

Embodiments of the present invention allow network applications runningon remote computing devices to interact with the user of the imagingdevice through the imaging device I/O panel. These embodiments allowimaging device user interface (UI) control (i.e., touch panel,button/display) by applications. Some embodiments may also integratecustom display screens or menus with the native imaging device UI.Embodiments may hand off control of imaging device functions betweenstandard operation modes performed on the imaging device in response touser input to an imaging device UI and open systems modes that utilizenetwork resources, such as applications on RCDs, through user input atthe imaging device UI.

Embodiments of the present invention comprise network-based applicationsthat have full control over the imaging device UI to display text andgraphics in any format. In these embodiments, the application canprogrammatically display buttons, textboxes, graphics, etc. in anylayout desired.

In some embodiments, the UI layout is easy to program using a standardlanguage, such as a markup language. These languages comprise HypertextMarkup Language (HTML), Extensible Markup Language (XML), WirelessMarkup Language (WML), Extensible Hypertext Markup Language (XHTML) andother languages.

In some embodiments of the present invention a remote computing deviceapplication or server application is able to request a keyboard UI to bedisplayed on the imaging device display 12, 8. In some embodiments, thisfunctionality is available on the imaging device and does not need to berecreated by remote computing device applications. In some embodiments,the remote computing device may define the keyboard prompt and defaultvalues. These embodiments may comprise a remote computing device that isable to rename imaging device UI buttons, such as the OK and Cancelbuttons as well as define additional buttons.

In some embodiments, menu templates may be served to the imaging deviceUI by the imaging device itself 4 or from a remote computing device 6.

External Authorization Application

Some embodiments of the present invention may comprise a remotecomputing device application that is registered as the ExternalAuthorization server. The External Authorization application may controlaccess to the imaging device and may have top-level control of the UI.UI control may be given to this application in the same manner thatcontrol is given to an internal auditor.

In these embodiments, when an imaging device system boots, it checks tosee if an External Authorization application is registered. If so, theimaging device is placed in disabled mode and the application iscontacted to take control of the UI. If the External Authorizationserver is not available, an error message may be displayed and thedevice may remain disabled. The imaging device may periodically try tocontact the External Authorization server until it is available. Table 1below describes what entity has control of the UI, in an exemplaryembodiment, when the device is in a disabled state.

TABLE 1 UI Control in Disabled State Indicator Button Press UI ControlLights Device boots External Application None Document Filing ExternalApplication None Image Send External Application None Copy ExternalApplication None Job Status Device - standard Job Status screens JobStatus Custom Settings Device - standard Custom Settings N/A screens OSMode Not available when device is disabledRemote Computing Device Applications

In embodiments of the present invention, access to the custom UI panelsof imaging devices may vary from application to application. Somesolutions, such as Document Management integration, may wish to leveragethe native Image Send screens, but display some custom UI's to gatheradditional information about a scan job. Other solutions, like customprinting applications, may be accessed from a separate mode than thenative functions.

In order to accommodate the diversified needs of these solutionsapplications, embodiments may support multiple integration points for UIcontrol. These integration points are based on a user action (“trigger”)for which applications may register. In some embodiments, applicationsmay be registered with target devices so that the device knows that when“trigger A” occurs on the front panel to contact “remote computingdevice B” for instructions. In exemplary embodiments, applications maybe integrated with an imaging device at any of several “trigger” points.

Remote computing devices may be registered to a specific function andcontacted when that function's hardware key is pressed (e.g. Image Send)on the imaging device UI. Any UI information provided by the remotecomputing device may be displayed instead of the standard functionscreens native to the imaging device. This trigger may be used forapplications that wish to replace the existing functions with completelycustom UI's, such as an alternative scan solution or a specializeddisplay, such as a “Section 508” compatible screen or otherspecialized-need interface that may have large buttons or otheraccommodations.

In some embodiments, each function on the imaging device may have a menuon the touch screen that remote computing devices, such as servers, canregister. This enables solutions applications to provide custom contentand still use some of the standard functionality provided by the imagingdevice. When a button assigned to a custom application is selected, amenu will be displayed with the solutions registered to that function.Users may select the desired solution and the remote computing devicewill be contacted for instructions.

In some embodiments, a stand-alone RCD mode that provides remotecomputing device application access can be accessed from the job queueportion of the UI that is displayed on every screen. This trigger pointmay be used for applications that do not fit within one of the standarddevice functions, such as custom printing solutions on an imagingdevice. When the RCD menu is selected, a menu will be displayed with thesolutions applications registered to the generic RCD mode. Users willselect the desired solution and the remote computing device will becontacted for instructions.

Hardware Key Interaction

In some embodiments of the present invention, when an imaging device isenabled, additional hardware keys may be used to manage the device.Hardware key assignments for an exemplary embodiment are shown in table2.

TABLE 2 Exemplary Hardware Key Assignments Button Press Standard IDevMode RCD Mode Mode keys (Copy, Clear current job Clear current job DocFiling, Image settings, move to settings, move to Send) and Customtarget screen target screen Settings key Job Status key Move to JobStatus, Move to Job Status, maintain current maintain current settings &UI settings & UI location location Clear (C) Clears settings Sends clearevent to external application Clear All (CA) Clears settings, Cancelsjob and cancels job, and returns to default returns to default IDevscreen IDev screen (notification sent to external application) **WhenExternal Authorization is controlling the UI, only notification is sentStart Initiates scan Initiates scan function function Number keys Inputfor copy Not used count or fax numbers * Logs user out Logs user out(disable device (disable device and contact External and contactExternal Authorization for Authorization for screens) screens)

In some embodiments, in addition to the * key for logout, a timeoutperiod may be implemented. Some embodiments also comprise an auto clearsetting that can be configured for a given period of time, such as 10 to240 seconds (or disabled). In these embodiments, when there is noactivity for the time configured in auto clear, the device mayautomatically return to disabled mode and attempt to contact a remotecomputing device to retake control of the UI.

Error & Jam Notifications

Depending on a particular solution, a remote computing deviceapplication may have full or only partial control of the imaging deviceUI and a particular imaging job. In some embodiments, partial controlmay include cases where a remote computing device is monitoring clicks,but native modes are responsible for the UI interaction and controllingthe job. Partial control may also include cases where the remotecomputing device application is integrated with a native mode (UItrigger=function custom menu). In these embodiments, the imaging devicemay handle all error and jam notifications with only a notification sentto the relevant remote computing device application.

For some embodiments, in cases where the remote computing deviceapplication has full control over the UI and the job, error and jamnotifications may be handled differently depending on the type of error.For recoverable errors, a notification may be sent to the remotecomputing device application and the application may be responsible fordisplaying messages and resolving the error. For non-recoverable errors,the imaging device and RCD mode may interact to gracefully handle theerror condition (e.g. provide user with instructions for clearing jam).

Control Handoffs

In some embodiments, at different points throughout an imaging job,several applications may need control over an imaging device including,but not limited to, an External Authorization application, a standardRCD application, an imaging device native mode and other applications.The following section describes, for an exemplary embodiment, thevarious steps in an exemplary job, the entities that may have controlduring each step, and what type of control may be allowed.

Step 1: User provides credentials to access the device at the device UI.This step may be controlled by a remote computing device, such as anExternal Authorization application or by Internal Accounting (nativemode) in the imaging device itself. At the end of this step, the deviceis enabled. The External Authorization application may also specifydefault parameters or disable specific job parameters (e.g. default fileformat is PDF, but user may change; color mode is set to B/W and usermay not change).

Step 2: User sets parameters for the job using one of the native imagingdevice modes or a standard RCD application. At the end of this step theuser makes an input to initiate the job. When the input is made, anoptional notification may be sent to the standard RCD application, whichcan then change job parameters if desired. An e-mail application is oneexample of an application that may request notification when the userinput is made. A user may use native Image Send screens or other inputto select scan options and choose e-mail recipients. A user may thenselect a custom application button and choose the scan-to-e-mail optionfrom the menu. The e-mail application may then display custom screensfor the user to set permissions for the file. Once a user places theoriginal document(s) on the scanner and initiates the process, thee-mail application may capture the destination parameters set by theuser and change the target destination to the e-mail application FTPserver. The e-mail application may then receive the file, apply theappropriate permissions, and send to the e-mail recipients selected bythe user. A remote computing device application may also want to retakecontrol of the UI at this point, if, as in some embodiments, theapplication generates thumbnails of the scanned images and displays themto the user for verification.

Step 3: Once the job is initiated, the imaging device is responsible forscanning or RIPing the job and spooling it to the HDD. If the imagingdevice is configured to authorize jobs with an external authorizationapplication, it may send a click report to the application and wait forinstructions. The external authorization application may enable the jobfor sending/printing, cancel the job, or change job parameters (and thenenable). As an example, a rules-based printing application may wish tochange job parameters after it receives a click report. Some rules-basedprinting applications support rules-based printing and scanning that canlimit what each user is allowed to do based on the time of day, thedestination, or many other parameters. For example, only users in themarketing group may be able to scan high-quality color images. If a userfrom another group selects color and 600 dpi, a rules-based applicationmay change the parameters to color and 200 dpi. At the end of this stepthe job should either be authorized or canceled.

Step 4: In some embodiments, this may be an optional step, where thestandard RCD application in step 2 may have specified the destination asa HDD for temporary storage. This step may also be used, in someembodiments, by a Java application running on the imaging device. Forexample, a government office may have a custom encryption applicationrunning on the device that takes the scanned document, encrypts it, andthen requests the imaging device to send it to the target destinationselected by the user in step 2. In some embodiments, it may bebeneficial to send a notification to the external authorizationapplication after this step—because the imaging device does not know howlong the file will be on the HDD or what the application is going to dowith it—and after the send/print step.

Step 5: In the final step, the file is actually output. In typicalembodiments, the file is either sent over the network or printedlocally. At the end of this step, a notification that the job wassuccessfully completed should be sent to the external authorizationapplication and optionally, to the standard RCD application.

Device Control and Management API's

The API's may be used to allow a remote computing device application tocontrol access to an imaging device for vend applications and to managethe device from a remote location.

Device Control and Vend API

In some embodiments of the present invention, a Device Control and VendAPI allows applications to enable and disable access to the device andtrack click counts. The Device Control and Vend API may provide an RCDwith the following controls:

Enable/disable device of function—this may allow an RCD to enable ordisable access to the device as a whole or by function to enforceindividual user privileges. In some exemplary embodiments, the functionslisted in Table 3 may be selectively enabled or disabled by anapplication.

TABLE 3 Device Functions Enable/Disable Description Copy Copy function(Copy button) Image Send Scan and fax function, plus send from DocFiling (Image Send button) Document Filing All access to Document Filingfunctions (Document Filing button) Print Network prints, pull print fromfront panel, and print from Document Filing (No button control)

Report clicks used—at the end of a successful job, the clicks used maybe reported back to an RCD including:

TABLE 4 Job and Page Characteristics Fax PC- E-mail/ Broad- Scan ItemCopy Print Send Fax FTP cast to HD JOB Characteristics Job Mode Yes YesYes Yes Yes Yes Yes Broadcast No No Yes Yes Yes Yes No Manage No. UserName Yes Yes Yes Yes Yes Yes Yes Address No No Yes Yes Yes # No StartTime Yes Yes Yes Yes Yes Yes Yes End Time Yes Yes Yes Yes Yes Yes YesTotal Page Yes Yes Yes Yes Yes Yes Yes Result Yes Yes Yes Yes Yes YesYes Error Cause No No Yes Yes Yes Yes No Doc Filing Yes Yes Yes Yes YesYes Yes Save Mode *1 *1 *1 *1 *1 *1 *1 File Name *1 Yes *1 Yes Yes *1Yes File Size Yes Yes *1 *1 *1 *1 Yes Resolution Yes Yes Yes Yes Yes YesYes Special Yes Yes Yes No Yes Yes Yes Finishing Yes Yes No No No No NoFile Format No No No No Yes Yes No Compression No No No No Yes Yes NoPAGE Characteristics Copy Yes Yes Yes Yes Yes # Yes Paper Size Yes YesYes Yes Yes Yes Yes Simplex/duplex Yes Yes Yes Yes Yes Yes Yes PaperType Yes Yes Yes Yes No No Yes Page Yes Yes Yes Yes Yes Yes Yes *1 - Yeswhen Document Filing is used

Debit mode—in these embodiments, when an application enables the deviceit may specify if the current job requires authorization. If so, the jobwill be spooled to memory and click information (e.g., as defined inTable 4) will be sent to an RCD. An RCD will then notify the device ifthe job should be deleted or output/sent. At this point, the applicationalso has the option of changing job parameters. If the application doesnot require authorization, the job will continue as normal and a clickreport will be sent at the end of the job.

Print job accounting—in these embodiments, an RCD may wish to monitorprint jobs along with walk-up functions. For print job accounting, anIDev may monitor all incoming print jobs and send accounting data in thePJL header to an RCD for verification before printing the job. The RCDwill evaluate the accounting data (or lack thereof) and inform the IDevto continue with or cancel the job.

Report on unidentified jobs—in these embodiments, an RCD may also wishto monitor print jobs that it cannot associate to a specific user, suchas device reports and incoming fax jobs. The RCD can register to receiveclick counts for all unidentified jobs, so that it may bill them to ageneral account.

Device Management API

In some embodiments of the present invention, a Device Management APIallows a network application to remotely setup and manage the imagingdevice. In exemplary embodiments, the Device Management API may providean RCD with the following controls:

-   -   Device status—an RCD may request the current status of the        device. This is the same status information as reported on the        embedded web pages.    -   Device configuration—an RCD can retrieve a list of installed        options supported by the device.    -   Web Page settings—an RCD application can retrieve and set any of        the values that are configurable on the embedded web pages.    -   Key Operator Programs—an RCD application can retrieve and set        any of the values that are configurable in Key Operator        Programs, including software keys.    -   Custom Settings—an RCD application can retrieve and set any of        the values that are configurable in Custom Settings.    -   Job Status—an RCD application can retrieve the current job queue        and history information and reprioritize or delete jobs in the        queue.    -   Click counts—an RCD application can retrieve device total counts        and clicks for each function by account code.    -   Data Security settings—an RCD application may retrieve the        status information on the DSK (e.g. last erase) and initiate        data clear functions.    -   RED data—an RCD can retrieve all data typically sent in a RED        message.    -   Remote reboot—an RCD can initiate a reboot of the imaging        device.

The above groupings are provided only as an exemplary embodimentdetailing which settings should be included. In some embodiments, actualAPI's should be grouped by functional areas since there may be overlapbetween Key Operator settings and web page settings.

Internal Accounting API

In some embodiments, an Internal Accounting API may allow a remotecomputing device application to configure internal accounting and reportclick counts. In some exemplary embodiments an Internal Accounting APImay include:

-   -   Set Auditing Options—an RCD may set auditing options including        which modes auditing is enabled for, “account number security”,        and “cancel jobs of invalid accounts.”    -   Manage Account Codes—an RCD can add, edit, or delete account        codes    -   Account Limits—an RCD application can specify a maximum number        of clicks by function for individual account codes or for all        account codes    -   Account Reset—an RCD application can reset the click count for        an individual account or for all accounts    -   Retrieve Clicks—an RCD can retrieve the number of clicks by        function for each account code        Font and Form Management API

Some embodiments of the present invention may comprise a Font and FormManagement API, which allows an RCD application to remotely download andmanage fonts and forms in mass-storage. In some exemplary embodiments, aFont and Form Management API may provide a remote computing device withthe following controls:

-   -   Mass storage control—an RCD application can retrieve mass        storage status information including storage capacity, space        available, and write-protect mode plus modify write-protect        status.    -   Resource list—an RCD application can retrieve a list of stored        fonts and forms including font or macro ID, font number,        font/form name, escape sequence, and file size.    -   Download resource—an RCD application can download PCL fonts, PCL        macros, and PS fonts and forms. Any special processing that is        performed when a resource is downloaded via the web pages will        also be performed when the resource is downloaded via Open        Systems.    -   Delete resource—an RCD application can delete any resource        stored in mass storage.    -   Upload resources—an RCD application can upload an individual or        all resources. On devices where effective memory management is        unavailable, a server application can use this function to        “defrag” mass storage.    -   Font/macro ID's—an RCD application can assign or modify the ID's        assigned to PCL fonts and macros.        Firmware Management API

In some embodiments of the present invention, a Firmware Management APImay allow a remote computing device or network application to remotelydownload and manage the imaging device firmware. In some exemplaryembodiments, a Firmware Management API may provide a remote computingdevice (e.g., a server) with the following controls:

-   -   Firmware versions—an RCD application can retrieve the current        firmware version numbers.    -   Service mode—an RCD application can place the MFP in service        mode to lockout other jobs that will interfere with firmware        upgrade. Upon receiving a service mode request, the IDev will        stop accepting incoming jobs, complete all jobs in the queue,        and then notify the server that it is in service mode.    -   Update firmware—an RCD can download an updated firmware version        to the device. If a reboot is necessary, the IDev will perform        it automatically when download is complete.    -   Download status—the IDev will send a status notification        (success/error) to an RCD after firmware download.    -   Revert to previous version—if firmware update is not successful,        the application can request the IDev to revert to the previous        firmware version.

Device Function API's

In some embodiments of the present invention, device function API'sallow a remote computing device application to use existing imagingdevice functionality to provide new custom solutions.

Image Send API

In some embodiments, an Image Send API may provide the remote computingdevice application with the following controls:

-   -   Image Send Parameters—a remote computing device application can        get and set values for the following scan and fax parameters:        -   COLOR OR B/W        -   IMAGE MODE—TEXT, TEXT/PHOTO, PHOTO; EXPOSURE LEVEL        -   RESOLUTION        -   FILE FORMAT—FILE TYPE, COMPRESSION, AND PAGES PER FILE        -   ORIGINAL—ORIGINAL SIZE, SIMPLEX/DUPLEX, ROTATE, AND JOB            BUILD        -   FILENAME        -   SUBJECT        -   MESSAGE        -   SENDER        -   SCHEDULE SEND TIME        -   PAGE DIVISION (BOOK SCANNING)        -   COVER PAGE        -   TRANSMISSION MESSAGE (CONFIDENTIAL, URGENT, ETC.)        -   THIN PAPER SCANNING        -   DESTINATION        -   DOCUMENT FILING    -   Initiate Scan—the remote computing device application can        initiate the scan function (same as user pressing start button).

In some embodiments, a remote computing device can change the defaultvalues on the imaging device or the values for the current job. For thecurrent job, the remote computing device may also specify if scanparameters may be modified by the user or not. If one remote computingdevice application (e.g. Access Control) specifies that a parametercannot be changed and then a second application (e.g. DocumentManagement) tries to set the parameter, a notification may be sent tothe second application and the setting will not be changed.

Print API

In some embodiments, print jobs may be submitted by remote computingdevice applications using standard printing channels. In some exemplaryembodiments, a Print API may provide a remote computing device with thefollowing additional control:

-   -   PJL sniffing—an RCD application can register with the IDev to be        contacted for instructions when a specific PJL command is found        in a print job. The RCD can then instruct the IDev to replace        the command, cancel the job, or continue printing. This        interface may be used in applications like accounting and        other-brand compatibility.        Copy API

In some embodiments of the present invention, a Copy API may provide aremote computing device with the following exemplary controls:

-   -   Copy Parameters—an RCD application can get and set values for        the following copy parameters:        -   COLOR OR B/W        -   EXPOSURE—TEXT, TEXT/PHOTO, PHOTO, SUPER PHOTO; EXPOSURE            LEVEL        -   PAPER SELECT (BY TRAY)        -   COPY RATIO        -   2-SIDED COPY—1TO1, 1TO2, 2TO2, 2TO1; BINDING EDGE        -   OUTPUT—OUTPUT TRAY, SORT, STAPLE, GROUP, OFFSET        -   ORIGINAL SIZE        -   SPECIAL FUNCTIONS—MARGIN SHIFT, ERASE, PAMPHLET, ETC.        -   DOCUMENT FILING    -   Initiate Copy—an RCD application can initiate the copy function        (same as user pressing start button).

In some embodiments, a remote computing device can change the defaultvalues on the imaging device or the values for the current job. For thecurrent job, the remote computing device may also specify if copyparameters may be modified by the user or not.

Document Filing API

In some embodiments of the present invention, a Document Filing API mayprovide a remote computing device with the following exemplary controls:

-   -   Backup/restore—the remote computing device application can        import and export a batch file with all Document Filing data. In        some embodiments, this package will be in a proprietary format        since it contains documents that are password-protected and        should not be accessed individually—this is typically for        restore in case of failure or cloning to other devices.    -   File/folder list—the remote computing device application can        retrieve, modify, and create new files and folders to be stored        on the IDev (also covered in device management).    -   Download file—the remote computing device can download a new        file to the Document Filing systems and specify folder,        filename, username, and password.    -   User list—the remote computing device application can retrieve,        modify, and create new users to be stored on the IDev (also        covered in device management).    -   HDD Status—the remote computing device application can retrieve        the current HDD status including the % allocated to the main        folder, quick folder, and custom folders and the % remaining.    -   Doc Filing Parameters—the remote computing device application        can get and set values for storing a file to Doc Filing        including:        -   EXPOSURE        -   RESOLUTION        -   ORIGINAL—SIZE, SIMPLEX/DUPLEX        -   FILE INFORMATION—USERNAME, FILENAME, FOLDER, CONFIDENTIAL,            PASSWORD        -   SPECIAL MODES—ERASE, DUAL PAGE COPY, 2IN1, JOB BUILD, CARD            SHOT    -   Initiate Print—the remote computing device application can        select a stored file and initiate a print including the        following parameters:        -   PAPER SIZE/SOURCE        -   OUTPUT—SORT/GROUP, OUTPUT TRAY, STAPLE, PUNCH, OFFSET        -   SIMPLEX/DUPLEX (TABLET/BOOKLET)        -   TANDEM PRINT        -   NUMBER OF COPIES        -   DELETE OR STORE AFTER PRINTING    -   Initiate Send—the remote computing device application can select        a stored file and initiate a send including the following        parameters:        -   RESOLUTION        -   FILE FORMAT        -   DESTINATION        -   TIMER        -   SENDER        -   FILENAME        -   SUBJECT        -   MESSAGE

Security

Allowing external applications to control an imaging device opens up theimaging device to new security vulnerabilities. In embodiments of thepresent invention that provide some security measures, the followingexemplary items are security concerns that may be addressed by theremote computing device interface.

Access to remote computing device interfaces may be limited to validapplications. Embodiments provide extensive access and control of theimaging device, which poses a significant security risk. The interfaceof these embodiments may be protected from access by attackers, whilemaintaining ease of setup and use for valid solutions.

Confidential data (user credentials and job data) may be protectedduring network transfer. User credentials and job data may be securedduring network transfer to ensure that it cannot be stolen, an intrudercannot monitor device activity, and a man-in-the-middle attack cannotchange messages. Imaging devices may support Secure Sockets Layer (SSL)and other connections to ensure data is safe while being communicatedbetween the imaging device and remote computing device applications.

Administrators may have the ability to lock-down imaging device access.For users with strict security policies, administrators may have theability to disable access by remote computing devices or limit access tospecific applications. Administrators may have an option to register thelimited applications that they wish to access the imaging deviceinterfaces.

Remote computing device applications may ensure the imaging device isnot being “spoofed.” The remote computing device may be able toauthenticate an imaging device that it is contract with it to ensure anintruder cannot imitate the imaging device to collect networkconfiguration and password information, monitor file/folder structuresof a document management system, or spoof security settings and DSKstatus of the imaging device.

A remote computing device may ensure that the server is not being“spoofed.” The imaging device must be able to authenticate all remotecomputing devices that it is in contact with to ensure that an intruderis not spoofing the remote computing device's IP address. By pretendingto be the remote computing device, an intruder could steal usercredentials, redirect scanned documents, change device settings orfirmware, or bring down the access control system (either to provideaccess to unauthorized users or initiate a denial of service attack forvalid users).

Access control/vend applications may not be compromised when a remotecomputing device is unavailable. When the remote computing device isunavailable, it may not be acceptable to provide open access to thedevice. If the remote computing device is unavailable at startup orbecomes unavailable at anytime (e.g. someone disconnects network cable),the imaging device may immediately be disabled and an error messagedisplayed.

An administrator may be able to adjust a security level based on companyand application requirements. Security requirements can have a largeimpact on the time it takes to develop a remote computing deviceapplication and the resources required to implement the solution. Usersusing some embodiments may range from a small business with one imagingdevice, no IT staff, and a simple scan or print application to a largegovernment office using access control and audit trails to track alldevice activity. The security measures used to protect imaging deviceinterfaces may be adjustable by the administrator to match the targetenvironment.

The imaging device and remote computing device applications may be ableto hand-off user credentials. Users may be prompted to login at multiplepoints throughout a job. For example, an access control application oraccounting application may control total device access, the imagingdevice may have user authentication enabled for Image Send, and adocument management application may require user login before showing afolder list. In many environments, all of these applications will use acommon user database. In some embodiments, it is, therefore, desirablefor the applications to pass user credentials to each other, so thateach one does not have to repeat the authentication process.

Some embodiments of the present invention may be described withreference to FIG. 3. These embodiments comprise an imaging device only,which is configured to interact with a remote computing device, such asa server through a communications link. The imaging device 30 comprisesa user interface 32, which comprises a user input device 34, such as akeypad, one or more buttons, knobs or switches or a touch-screen paneland a display 36, which may comprise user input device 34 in the form ofa touch-screen panel.

Imaging device 30 will typically be capable of performing one or moreimaging functions including, but not limited to, scanning, printing,copying, facsimile transmission (sending and receiving) and others.

These embodiments further comprise a communications link 38, which maybe a wired connection (as shown in FIG. 3) comprising a network cable, aUniversal Serial Bus (USB) cable, a serial cable, a parallel cable, apower line communication connection such as a HomePlug connection orother wired connections. Alternatively, the communications link 38 maycomprise a wireless connection, such as an IEEE 802.11(b) compliantconnection, a Bluetooth connection, an Infrared Data Association (IrDA)connection or some other wireless connection.

The operation of some imaging device embodiments may be explained withreference to FIG. 4. In these embodiments, menu data is received 40 froma remote computing device (not shown in FIG. 3), which is connected tothe imaging device 30 via the communication link 38 through a wired orwireless connection. This menu data is then displayed 42 on the imagingdevice user interface display 36. This display of remote menu data isintended to prompt a user to make an input on the user interface inputdevice 34.

Imaging devices of these embodiments are further configured to acceptinput from a user in response to a display of remote menu data andcommunicate 44 that user input to a remote computing device. In someembodiments, this user input data will be processed by a remotecomputing device. This may comprise running an application on the remotecomputing device. This processing may also comprise accessing andcommunicating data that is stored on the remote computing device.

The imaging devices of these embodiments are further configured toreceive 46 data resulting from processing the user input data. This maycomprise data generated by an application running on the remotecomputing device in response to the user input. The imaging device mayalso receive data that was stored on a remote computing device, such asa file server, in response to processing the user input.

Once the imaging device 30 has received 46 the processed data, theimaging device 30 may perform 48 a native function in response to thedata or using the data. For example, and not be way of limitation, theimaging device 30 may print a document that was stored on the remotecomputing device and modified on the remote computing device accordingto the user input. As another non-limiting example, the imaging device30 may active or enable functions (i.e., scanning, copying, printing,fax transmission) on the imaging device in response to the receipt 46 ofprocessed data.

Some, more specific, imaging device embodiments may be explained withreference to FIG. 5. In these embodiments, the imaging device 30 isconfigured to receive 50 menu data formatted in a markup language from aremote computing device. The communication link by which the menu datais communicated may be established and maintained using a HypertextTransfer Protocol (HTTP). The markup language may comprise terms fromHypertext Markup Language (HTML), Extensible Markup Language (XML),Wireless Markup Language (WML), Extensible Hypertext Markup Language(XHTML) and/or other languages.

Once the menu data is received 50, it may be displayed 52 on the imagingdevice user interface display 36. As in previously describedembodiments, the menu data is typically intended to prompt user input onimaging device user interface 32. Display 52 of the remotely-stored menudata may be accomplished with a browser application that is native tothe imaging device 30.

In these embodiments, the imaging device 30 is further configured toroute 54 user input received though its user interface 32 to a remotecomputing device. The remote computing device that receives the userinput may then run an application or otherwise process the user inputand return the results of the processing to the imaging device 30.Accordingly, the imaging device 30 is further configured to receive 56processed data from a remote computing device. In some embodiments, theimaging device 30 may perform one or more functions in response to thereceipt 56 of processed data.

Some embodiments of the present invention may be explained withreference to FIG. 6. These embodiments comprise a remote computingdevice (RCD) 60, which has a communications link 64. Communications link64 may be a wired connection (as shown in FIG. 6) comprising a networkcable, a Universal Serial Bus (USB) cable, a serial cable, a parallelcable, a powerline communication connection such as a HomePlugconnection or other wired connections. Alternatively, the communicationslink 64 may comprise a wireless connection, such as an IEEE 802.11(b)compliant connection, a Bluetooth connection, an Infrared connection,such as those defined in the Infrared Data Association (IrDA) standardor some other wireless connection. In some embodiments, RCD 60 mayfurther comprise a data storage device 62, which is typically a harddrive, but may also be an optical drive device, such as an array ofcompact disk drives, flash memory or some other storage device.

Embodiments of RCD 60 may be further described with reference to FIG. 7.In these embodiments, RCD 60 comprises a processor 72 for processingdata and running programs such as operating systems and applications.RCD 60 may further comprise memory 74, which may be in the form ofRandom Access Memory (RAM) and Read Only Memory (ROM). Generally, anyapplications processed by processor 72 will be loaded into memory 74.RCD 60 may further comprise a network interface 78, which allows RCD 60to communicate with other devices, such as an imaging device 30. In someembodiments, RCD 60 may also comprise a user interface 80, but this isnot required in many embodiments. Storage 62 may be used to storeapplications and data that may be accessed by an imaging device 30 ofembodiments of the present invention. Processor 72, memory 74, storage62, network interface 78 and, optionally, user interface 80 aretypically linked by a system bus 76 to enable data transfer between eachcomponent. Communications link 64 may couple the RCD 60 to other devicesvia network interface 78.

In some embodiments, described with reference to FIG. 8, an RCD 60 maycomprise menu data stored on storage device 62 or in memory 74. Thismenu data may be configured for display on an imaging device userinterface 32. Menu data may be stored in many formats andconfigurations. In some embodiments menu data may take the form of termsexpressed with a markup language. The markup language may comprise termsfrom Hypertext Markup Language (HTML), Extensible Markup Language (XML),Wireless Markup Language (WML), Extensible Hypertext Markup Language(XHTML) and/or other languages. In these embodiments, menu data may besent 82 through a communications link 64 to an imaging device 30.Accordingly, menu data configured for display on an imaging device isstored on RCD 60.

An RCD 60, of some embodiments, will be further configured to receive 84user input obtained through the user interface 32 of an imaging device30 and transferred to the RCD 60 over communications links 38 & 64. Oncethis input data is received at an RCD 60, the input data may beprocessed 86. This processing 86 may comprise conversion of the data toa new format, execution of commands contained within the data or someother process. Once the input data has been processed 86, the processedoutput may be sent 88 back to the imaging device 30 where the processedoutput may be used in an imaging device process or function.

In some embodiments, as described with reference to FIG. 9, an RCD 60may send 90 menu data configured for an imaging device display 36 usinga markup language. The markup language menu data is then received at theimaging device 30 and displayed to a user. Typically, this will promptthe user to enter an input on the imaging device user interface 32. Thisuser input will then be sent by the imaging device 30 to the RCD 60. TheRCD 60 will then receive 92 the input data prompted by the display ofthe menu data on the imaging device 30. Once received, the input datamay be processed 94 on the RCD 60. Processing may comprise theselection, recordation and/or modification of a form, document or otherdata stored on RCD 60, the authorization of a user identified by theuser input, the translation of a document input by the user, generationof a map or other directions related to user input or some other processor function.

Some embodiments of the present invention may be described withreference to FIGS. 10 & 11. These embodiments comprise at least one RCD60 and a plurality of imaging devices 30 a-30 d. In these embodiments,at least one of the imaging devices 30 a-30 d comprises a user interface32 with a display 36 and user input panel 34 that is integral with thedisplay (i.e., touch-screen) or a separate input unit. RCD 60 isconnected to imaging devices 30 a-30 d by a communications link andnetwork 100 to enable data transmission between RCD 60 and imagingdevices 30 a-30 d.

In these embodiments, menu data is stored on RCD 60 and sent 110 to atleast one of the imaging devices 30 a-30 d where the menu data isdisplayed on a user interface. Any of Imaging devices 30 a-30 d thatreceive the menu data are configured to accept 112 and transmit 114 userinput to an RCD 60. Once the user input data is received at the RCD, thedata may be processed 116 as discussed in previously describedembodiments. The result of processing 116 may then be sent 118 back toany combination of the imaging devices 30 a-30 d.

In these embodiments, a single RCD 60 may be used to provide processingpower, resources and functionality to a plurality of imaging devices 30a-30 d without reproducing these resources in each imaging device. Insome embodiments, data generated by input on one imaging device 30 a maybe directed to another imaging device 30 d for processed data output orfinal processing.

Some embodiments of the present invention may be described withreference to FIG. 12. In these embodiments, an imaging device (IDev) 120comprises a user interface 124, which is capable of receiving user inputand displaying data to a user. The user interface 124 will typicallycomprise a display, often in the form of a touch panel. The display maybe used to display data to a user. This data may comprise menu data toprompt for a user selection or data entry, such as a user ID andpassword, form selection or some other input. The imaging device 120 hasa communication link 122, which may comprise a typical computer networkconnection, a serial cable or some other wired or wireless communicationlink as described in other embodiments. The communication link 122 mayconnect the imaging device 120 to a remote computing device (RCD) 126 a,126 b, such as a server. The RCD 126 a, 126 b may be used to storedocuments, such as forms, and other data and make that data accessiblefrom the imaging device 120. The RCD 126 a, 126 b may also executeapplications that interact with or receive input from the imaging device120 and its user interface 124. In some embodiments, a database 125 maybe linked to the imaging device 120 and/or an RCD 126 a, 126 b. In someembodiments, an RCD 126 b or database 125 may be connected to an IDev120 over a wide area network such as the internet 128.

Access Credential Management Embodiments

Some embodiments of the present invention comprise methods and systemsthat provide for reduction or elimination of repeated submission of usercredential data in a system with multiple, distinct, restrictedservices, wherein a unique credential is required for each sub-system.In a typical imaging device (IDev) system, IDevs may be placed underaccounting control, meaning that they are connected to an applicationrunning on a server that is tasked with recording the IDev's activity.In addition to recording activity, such as the number of copies made byeach user, the accounting server application may also enable and disablecertain or all functions of the IDev depending on a user's credentials.An accounting application or an access-control application may alsocontrol access to applications running on remote servers, depending onthe credentials submitted by a user logging onto the device. In thismanner, applications and functions may be restricted to specific usersand fees may be charged to specific accounts for the use of specificapplications and functions. An accounting application (AcctApp)comprises an access control application (ACA), typically to limit accessto specific account holders.

In a typical system, when a user wishes to access a remote application,such as a document management system (DMS) or some other function orapplication, the user must first sign-on to the IDev accounting serverapplication (AcctApp) or an access control application (ACA). Thisprocess may comprise submission of credentials and authentication ofthose credentials by the AcctApp. The user may then select anapplication such as a DMS, but will generally be asked to again submitDMS-specific user credentials to access this independent application. Ifthe user then selects another function or application, the user mayagain be prompted to submit credentials specific to that function orapplication. For users with complex workloads, credential submission canbe tedious, time consuming and difficult to manage.

Embodiments of the present invention comprise methods and systems thathave the capability to eliminate multiple and sometimes redundantsubmission of user credential data by using a single sign-on serverapplication (SSOSA) that manages credential data and dispenses thecredentials to the appropriate services such as functions and/orapplications. In some embodiments a SSOS may comprise a user credentialdata table capable of matching the credentials of authorized users withthe credential requirements of all supported functions and applications.An exemplary user credential data table may comprise a column containingsign-on token data linked to other columns containing initial accountingserver application credential data as well as columns containing sign-oncredential data for all the supported functions and applications.

The SSOSA may operate as part of a network in conjunction with one ormore IDevs, an accounting server application and one or more servicesincluding local and remote applications. Once user credentials have beensubmitted at an IDev they may be sent to an accounting serverapplication or an access control application, which may communicate withthe SSOSA. The SSOSA may access a data table or database containing usercredential data to generate a single sign-on token that is related tothe user's service credentials. This single sign-on token may then betransmitted by the IDev to one or more applications in lieu of varyingcredential data.

Some embodiments of the present invention may comprise an imaging device(IDev) in communication with one or more additional IDevs and/or one ormore remote computing devices (RCDs). These devices may run applicationsthat are remote to an IDev user, but in communication with a singlesign-on server application (SSOSA).

Some exemplary embodiments of the present invention may be describedwith reference to FIG. 13A. These embodiments may comprise one or morenetworked, accounting-controlled imaging devices (IDevs) 130 that are incommunication a single sign-on server application (SSOSA) 132. These oneor more IDevs 130 may also be in communication with a remote service 131such as a remote server application running on a remote computing device(RCD). These IDevs 130 may also have integrated functions 133A, 133Bthat are access-controlled and accessible only with approvedcredentials.

In these embodiments, an IDev 130 may send user sign-on credentials tothe SSOSA 132, which may authenticate the credentials and issue asingle-sign-on (SSO) token, which is related to the user's user servicecredentials for specific services, such as remote applications 131A &131B and functions 133A & 133B. User service credentials are credentialsthat the user would typically use to gain access to the services andthat the user would typically have to enter manually each time the userdesires access to one or these services.

Once an SSO token is related to user service credentials and sent to anIDev 130, the IDev may use the token to automatically sign-on to therelated services. When an IDev user selects a service 131A, the IDevsends the SSO token to the service 131A. The service 131A responds tothe receipt of the token by forwarding the SSO token to the SSOSA 132,which recognizes the relationship to the user service credential andsends the user's credentials for that service to the service 131A. Theservice then authenticates the credentials and grants access to the userat the IDev 130. Other applications 131B and IDev functions 133A & 133Bmay be accessed in the same manner without input of service-specificcredentials.

Some exemplary embodiments of the present invention may be describedwith reference to FIG. 13B. These embodiments may comprise one or morenetworked, accounting-controlled imaging devices (IDevs) 134 that are incommunication with an accounting server application 135, which is alsoin communication with a single sign-on server application (SSOSA) 136.The IDev 134 may also be in communication with services 137 & 138, whichmay be remote applications or integrated functions 139A & 139B. Theseservices, 137, 138, 139A & 139B may also be in communication with theSSOSA 136.

These embodiments illustrated in FIG. 13B operate similarly to thoseillustrate in FIG. 13A except that the accounting application 135receives the user sign-on credential and authenticates the credential.The accounting application, upon successful authentication of thecredential, requests an SSO token from the SSOSA 136, which is thenrelayed to the IDev 134. In this manner, the accounting application actsan intermediary between the IDev 134 and the SSOSA 136 and operates asan authentication application.

In some exemplary SSOSA embodiments, illustrated in FIG. 14, usercredential data comprising user service credential data is stored in atable that relates a user to a single-sign-on (SSO) token, which isfurther related to user service credential data for specific services.

Methods followed by some embodiments of the present invention may bedescribed with reference to FIG. 15. In these embodiments, a user mayenter credentials at an IDev and send 150 the credentials to a SSOSA.The SSOSA may then authenticate 151 the credentials and, upon successfulauthentication 152, issue an SSO token to the user and send the SSOtoken 154 to the IDev for use by the user. The IDev will then store 156the token and use the token for user authentication with services whenneeded.

An exemplary use of the SSO token may be described with reference toFIG. 16. In these exemplary embodiments, a user selects 161 anaccess-controlled service, which requires authentication. Instead ofrequiring user input of credentials, the IDev sends 162 the SSO token tothe service. Upon receiving the SSO token, the service recognizes thetoken and sends 163 the token, or an equivalent token, to the SSOSA. TheSSOSA will then receive the token and relate the token to the userservice credential associated with the service that sent the token. TheSSOSA will then send 164 the appropriate user service credential data tothe service. The service will now be in possession of the user's servicecredential data and will authenticate 165 the user credentials toauthorize access to the service. Upon successful authentication, theuser, via the IDev, will be granted access 166 to the service.

Some embodiments of the present invention may be described withreference to FIG. 17. In these embodiments, a user enters log incredentials 170 at an IDev and sends the credentials to an accountingapplication or an access control application. The accounting or accesscontrol application then authenticates the user credentials 171 and,upon successful authentication, sends a request to a SSOSA to generateor assign a single-sign-on (SSO) token. The SSOSA will then generate orassign 172 the token and relate the token to the user's user servicecredential data. The SSOSA then sends 173 the SSO token to theaccounting or access control application. The accounting or accesscontrol application then sends 174 the SSO token to the IDev, whichstores 175 the SSO token for user authentication with services.

Use of the SSO token issued by the embodiments described in relation toFIG. 17 is similar to the exemplary use described in relation to FIG.16. The SSO token is sent to a service in lieu of user credentials andthe service works in cooperation with the SSOSA to obtain user servicecredential data for the service. The service may then authenticate thecredential data supplied by the SSOSA and grant access based on thatauthentication.

Some embodiments of the present invention, illustrated in FIG. 18,comprise an imaging device (IDev) adapted to utilize one or more SSOtokens. In these embodiments, an IDev may accept 180 user sign-oncredentials and send 181 those credentials to an SSOSA. When thecredentials are successfully authenticated, the IDev will receive 184 anSSO token from the SSOSA and store 185 the SSO token for use inauthenticating the user with access-controlled applications orfunctions. If the sign-on credentials do not authenticate successfully,the SSO token is not issued or sent to the IDev and further access tothe system may be denied 183.

Some embodiments of the present invention, illustrated in FIG. 19,comprise an imaging device (IDev) adapted to communicate with anaccounting application or another form of access-control applicationthrough which the IDev may acquire one or more SSO tokens from an SSOSA.In these embodiments, an IDev may accept 190 user sign-on credentialsand send 181 those credentials to an accounting or access-controlapplication. The accounting/access-control application may then performauthentication on the credentials to validate the user. When thecredentials are successfully authenticated, theaccounting/access-control application may send a request to an SSOSA fora SSO token for the IDev user. The SSOSA may then issue the token, asdescribed above for other embodiments, and send the SSO token to theaccounting/access-control application. The accounting/access-controlapplication may then forward the SSO token to the IDev. The IDev ofthese embodiments will then receive 194 the SSO token and store 195 thetoken for use with associated services.

Once the IDevs, described above in relation to FIGS. 18 and 19, havereceived and stored their SSO token, the tokens may be used toauthenticate the user with associated services. This process may bedescribed with reference to FIG. 20. In these embodiments, an IDev userselects 200 an access-controlled service. This service may be anintegrated IDev function, such as a scan, print or copy functioninternal to the IDev or the service may be a remote application runningon a remote computing device (RCD). In response to this serviceselection or a response from the service, the IDev may send 201 the SSOtoken to the selected service. The service may then respond by sendingthe SSO token to the SSOSA in exchange for user service credentialsassociated with that service. Upon receiving those credentials from theSSOSA, the service may authenticate 202 those credentials. Ifauthentication is successful, the service will grant access to the IDevuser and the IDev user will receive 204 this access and proceed with useof the service. If authentication is unsuccessful, access may be denied203.

Some embodiments of the present invention comprise a single-sign-onserver application (SSOSA) configured to communicate directly with anIDev. Some exemplary embodiments are illustrated in FIG. 21. In theseembodiments, the SSOSA may receive 210 user sign-on credentials from anIDev. These credentials are then authenticated 211 to validate a user.If authentication is successful 212, the SSOSA will relate 214 a SSOtoken to the user's user service credentials and issue the token. TheSSOSA may then send 215 the token to the IDev where the IDev may storethe token and use it to authenticate the user with associated services.

Some embodiments of the present invention comprise a single-sign-onserver application (SSOSA) configured to issue an SSO token to an IDevthrough an accounting or access-control application (AccApp). Someexemplary embodiments are illustrated in FIG. 22. In these embodiments,the SSOSA may receive 220 a request for an SSO token from an AccApp. Inthese embodiments, the AccApp has already authenticated user credentialsand identified the user. The SSO token request from the AccApp willidentify the user to the SSOSA. The SSOSA may then process this requestby relating 221 an SSO token to the user's user service credentials andissuing the SSO token. The SSOSA may then send 222 the SSO token to theAccApp, which may forward the SSO token to the requesting IDev for usewith associated services.

The SSOSA embodiments described in relation to FIGS. 21 and 22 comprisefurther functionality that may be described with reference to FIG. 23.In these embodiments, the SSOSA may receive 230 an SSO token from aservice as a request for user service credentials. The SSOSA may respondto this request by matching 231 the SSO token received from the serviceto user service credential data stored in the SSOSA. Once these servicecredentials are retrieved in the SSOSA, they may be sent 232 to theservice that made the request. Typically the requesting service willthen authenticate the credentials and grant access to the associateduser.

Some embodiments of the present invention comprise an accounting oraccess-control application configured to act as a gateway to an SSOSA.Some of these embodiments may be described in reference to FIG. 24. Inthese embodiments, an accounting/access control application (AccApp) maycomprise an accounting application comprising a credentialauthentication process or an access-control application comprising anauthentication process. In these embodiments, the AccApp may receive 240user credentials, typically from an IDev. The AccApp may respond byauthenticating 241 the credentials to validate the user. If theauthentication process is successful 242, the AccApp may send 244 an SSOtoken request to an SSOSA. If the authentication process is notsuccessful, no token request will be sent and further user access may bedenied 243. Generally, the SSOSA will respond to the token request byrelating an SSO token to the authenticated user's user servicecredential data and by sending the SSO token to the AccApp. The AccAppof these embodiments, will then receive 245 the SSO token and send 246the SSO token to the IDev for use with associated services.

Some embodiments of the present invention comprise services that areconfigured to interact with IDevs and/or SSOSAs using SSO tokens andother communications. Some of these embodiments may be described withreference to FIG. 25. In these embodiments, an access-controlled servicereceives 250 an SSO token from an IDev. Typically this is done in lieuof user credential submission. The service may respond to the receipt ofthe SSO token by forwarding 251 the token to an SSOSA. In someembodiments, the token may be processed at the service to obtain userdata or other information. The SSOSA will respond by retrieving userservice credential data associated with the SSO token and sending theuser service credential data to the requesting service. The services ofthese embodiments, may then receive 252 the user service credential dataand authenticate 253 the credentials to validate the IDev user. Whenauthentication is successful, the service may grant 256 access to theuser. If authentication is not successful, access may be denied 255.

The terms and expressions which have been employed in the forgoingspecification are used therein as terms of description and not oflimitation, and there is no intention in the use of such terms andexpressions of excluding equivalence of the features shown and describedor portions thereof, it being recognized that the scope of the inventionis defined and limited only by the claims which follow.

1. A method for providing single-credential access to multiple,distinct, restricted imaging device services wherein a unique credentialis required for each service, said method comprising: sending credentialmenu content to an application programming interface (API) on an imagingdevice (IDev), wherein said credential menu content comprises a promptfor user input of user sign-on credentials and wherein said credentialmenu content is in the form of a markup language message formatted to betranslated by a user interface processor on said IDev; receiving anauthenticated user identification, wherein said authenticated useridentification is received as user input in response to displaying saidcredential menu content on a display of said IDev and wherein said userinput is authenticated at an accounting application (AcctApp) remote tosaid IDev; maintaining a user credential data table relating a pluralityof unique service credentials to said authenticated user identification;generating a single-sign-on (SSO) token, in response to said receivingan authenticated user identification, wherein said SSO token relates,using said user credential data table, said authenticated useridentification to said plurality of unique service credentials for auser identified in said authenticated user identification and whereinsaid SSO token can be exchanged by one of said unique services for acorresponding one of said unique user service credentials; sending saidSSO token to said IDev; receiving said SSO token from one of said uniqueservices; and sending to said one of said unique services, in exchangefor said SSO token, said corresponding one of said unique user servicecredentials for authentication of the sent unique service credentials atsaid one of said unique services.
 2. A method as described in claim 1wherein said authenticated user identification is generated byauthenticating a user sign-on credential.
 3. A method as described inclaim 2 wherein said user sign-on credential is received from saidimaging device (IDev).
 4. A method as described in claim 2 wherein saiduser sign-on credential is received from an application.
 5. A method asdescribed in claim 1 further comprising sending said sign-on token tosaid AcctApp for forwarding to said IDev.
 6. A method for providingsingle-credential access to multiple, distinct, restricted serviceswherein a unique credential is required for each service, said methodcomprising: sending credential menu content to an applicationprogramming interface (API) on an imaging device (IDev), wherein saidcredential menu content comprises a prompt for user input of usersign-on credentials and wherein said credential menu content is in theform of a markup language message formatted to be translated by a userinterface processor on said IDev; receiving an authenticated useridentification, wherein said authenticated user identification isreceived as user input in response to displaying said credential menucontent on a display of said IDev and wherein said user input isauthenticated at an accounting application (AcctApp) remote to saidIDev; maintaining a user credential data table relating a plurality ofunique service credentials to said authenticated user identification;generating a single-sign-on (SSO) token, in response to said receivingan authenticated user identification, wherein said SSO token relates,using said user credential data table, said authenticated useridentification to said plurality of unique service credentials for auser identified in said authenticated user identification and whereinsaid SSO token can be exchanged by one of said unique services for acorresponding one of said unique user service credentials; sending saidSSO token to said IDev; receiving said SSO token from said one of saidunique services; matching said SSO token to said corresponding one ofsaid unique user service credentials; and sending said one of saidunique user service credentials, in exchange for said SSO token, to saidone of said unique services for authentication of the sent uniqueservice credentials at said one of said unique services.
 7. A method asdescribed in claim 6 wherein said one of said unique services is an IDevfunction.
 8. A method as described in claim 6 wherein said one of saidunique services is a remote application.
 9. A method as described inclaim 6 wherein said matching is performed with the use of a relationaldatabase.
 10. An apparatus for providing single-credential access tomultiple, distinct, restricted services wherein a unique credential isrequired for each service, said apparatus comprising: a menu contentsender for sending credential menu content to an application programminginterface (API) on an imaging device (IDev), wherein said sendercomprises a formatter for formatting said credential menu contentcomprising a prompt for user input of user sign-on credentials andwherein said credential menu content is in the form of a markup languagemessage formatted to be translated by a user interface processor on saidIDev; a receiver for receiving an authenticated user identification froman accounting application (AcctApp) remote to said IDev and remote tosaid receiver, wherein said authenticated user identification isreceived as user input in response to displaying said credential menucontent on a display of said IDev and wherein said user input isauthenticated at said AcctApp; a user credential data table relating aplurality of unique service credentials to said authenticated useridentification; an single sign-on (SSO) token generator for generatingan SSO token, in response to said receiving an authenticated useridentification, wherein said SSO token relates, using said usercredential data table, said authenticated user identification to saidplurality of unique service credentials for a user identified in saidauthenticated user identification and wherein said SSO token can beexchanged by one of said unique services for a corresponding one of saidunique user service credentials; a token sender for sending said SSOtoken to said IDev; a token receiver for receiving said SSO token fromone of said unique services; and a credential sender sending to said oneof said unique services, in exchange for said SSO token, saidcorresponding one of said unique user service credentials forauthentication of the sent unique service credentials at said one ofsaid unique services.
 11. An apparatus as described in claim 10 furthercomprising a user credential data table for matching said SSO token tosaid corresponding one of said unique user service credentials.